Open Sesame: Windows hack with voice command

Open Sesame: Although Microsoft is supposedly trying hard to make Windows 10 more secure, there are the in certain features that make the life of hackers very easy.

Μια νέα που ονομάζεται Open Sesame επιτρέπει στους hackers να τρέξουν on a Windows 10 PC using just their voice.Open Sesame

The bug exists in the digital assistant Cortana and it was revealed by a researchers at the Black Hat conference in Las Vegas.

Researchers report that with this bug anyone could gain access to sensitive files, connect to malicious sites, download and execute infected files, and gain increased privileges (administrator level) on a locked computer.

All this can happen because the Windows 10 UI allows applications to run in the background while the computer is locked. So without having to access the mouse or keyboard of the device, the Cortana digital assistant can run several processes.

Security researchers Amichai Shulman, Tal Be'ery of Kzen and Ron Marcovich and Yuval Ron of the Israel Institute of Technology discovered the flaw and reported it to Microsoft in April, according to a ThreatPost report (Black Hat 2018: Cortana Flaw Allowed Takeover of Locked Windows 10 Device).

The Open Sesame error has already been documented by the code name CVE-2018-8140 and Microsoft reports that no exploit has yet been disclosed.

The flaw exists in Windows 10 Fall Creators Update builds ( ) and April 2018 Update (build 1803).

Open Sesame, What can you do? Updates are already running, so just let your system know.

_________________________________

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).